Drop patch present in 4.13.4

2017-09-28 13:21:42 -07:00 · 2017-09-28 13:21:42 -07:00 · d1e360d978
parent 7f47d72242
commit d1e360d978
2 changed files with 0 additions and 70 deletions
--- a/kernel.spec
+++ b/kernel.spec
@ -661,9 +661,6 @@ Patch714: V4-acpi-acpica-fix-acpi-parse-and-parseext-cache-leaks.patch
 # CVE-2017-13695 rhbz 1485349
 Patch715: acpi-acpica-fix-acpi-operand-cache-leak-in-nseval.c.patch

-# CVE-2017-14051 rhbz 1487126 1487127
-Patch717: v2-scsi-qla2xxx-Fix-an-integer-overflow-in-sysfs-code.patch
-
 # Should fix our QXL issues (Doesn't)
 Patch718: qxl-fixes.patch

--- a/v2-scsi-qla2xxx-Fix-an-integer-overflow-in-sysfs-code.patch
+++ b/v2-scsi-qla2xxx-Fix-an-integer-overflow-in-sysfs-code.patch
@ -1,67 +0,0 @@
-From patchwork Wed Aug 30 13:30:35 2017
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-Subject: [v2] scsi: qla2xxx: Fix an integer overflow in sysfs code
-From: Dan Carpenter <dan.carpenter@oracle.com>
-X-Patchwork-Id: 9929625
-Message-Id: <20170830133035.nbkiled5hhdt26ui@mwanda>
-To: qla2xxx-upstream@qlogic.com, shqking <shqking@gmail.com>,
- Joe Carnuccio <joe.carnuccio@qlogic.com>
-Cc: "James E.J. Bottomley" <jejb@linux.vnet.ibm.com>,
- "Martin K. Petersen" <martin.petersen@oracle.com>,
- linux-scsi@vger.kernel.org, security@kernel.org
-Date: Wed, 30 Aug 2017 16:30:35 +0300
-
-The value of "size" comes from the user.  When we add "start + size"
-it could lead to an integer overflow bug.
-
-It means we vmalloc() a lot more memory than we had intended.  I believe
-that on 64 bit systems vmalloc() can succeed even if we ask it to
-allocate huge 4GB buffers.  So we would get memory corruption and likely
-a crash when we call ha->isp_ops->write_optrom() and ->read_optrom().
-
-Only root can trigger this bug.
-
-Link: https://bugzilla.kernel.org/show_bug.cgi?id=194061
-
-Cc: stable@vger.kernel.org
-Fixes: b7cc176c9eb3 ("[SCSI] qla2xxx: Allow region-based flash-part accesses.")
-Reported-by: shqking <shqking@gmail.com>
-Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
-v2: Add stable and the URL for bugzila
-
-diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c
-index 75c4b312645e..9ce28c4f9812 100644
--- a/drivers/scsi/qla2xxx/qla_attr.c
-+++ b/drivers/scsi/qla2xxx/qla_attr.c
-@@ -318,6 +318,8 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj,
- 		return -EINVAL;
- 	if (start > ha->optrom_size)
- 		return -EINVAL;
-+	if (size > ha->optrom_size - start)
-+		size = ha->optrom_size - start;
- 
- 	mutex_lock(&ha->optrom_mutex);
- 	switch (val) {
-@@ -343,8 +345,7 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj,
- 		}
- 
- 		ha->optrom_region_start = start;
-		ha->optrom_region_size = start + size > ha->optrom_size ?
-		    ha->optrom_size - start : size;
-+		ha->optrom_region_size = start + size;
- 
- 		ha->optrom_state = QLA_SREADING;
- 		ha->optrom_buffer = vmalloc(ha->optrom_region_size);
-@@ -417,8 +418,7 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj,
- 		}
- 
- 		ha->optrom_region_start = start;
-		ha->optrom_region_size = start + size > ha->optrom_size ?
-		    ha->optrom_size - start : size;
-+		ha->optrom_region_size = start + size;
- 
- 		ha->optrom_state = QLA_SWRITING;
- 		ha->optrom_buffer = vmalloc(ha->optrom_region_size);